Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Picasa by Google

jvndb-2011-000022

Vulnerability from jvndb

Published

2011-03-28 08:11

Modified

2011-03-28 08:11

Severity ?

() - -

Summary

Picasa may insecurely load executable files

Details

Picasa may use unsafe methods for determining how to load executables (.exe) Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN99977321/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0458
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0458
	SECUNIA	http://secunia.com/advisories/43853
	BID	http://www.securityfocus.com/bid/47031
	VUPEN	http://www.vupen.com/english/advisories/2011/0766
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Google

Picasa

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000022.html",
  "dc:date": "2011-03-28T08:11+09:00",
  "dcterms:issued": "2011-03-28T08:11+09:00",
  "dcterms:modified": "2011-03-28T08:11+09:00",
  "description": "Picasa may use unsafe methods for determining how to load executables (.exe)\r\n\r\nPicasa is a software for viewing and managing photos. Picasa loads certain executables when using the \"Locate on Disk\" function. Picasa contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000022.html",
  "sec:cpe": {
    "#text": "cpe:/a:google:picasa",
    "@product": "Picasa",
    "@vendor": "Google",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.1",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000022",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN99977321/index.html",
      "@id": "JVN#99977321",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0458",
      "@id": "CVE-2011-0458",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0458",
      "@id": "CVE-2011-0458",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/43853",
      "@id": "SA43853",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/47031",
      "@id": "47031",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2011/0766",
      "@id": "VUPEN/ADV-2011-0766",
      "@source": "VUPEN"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Picasa may insecurely load executable files"
}